5 matches found
WebKit: UXSS: CachedFrame doesn't detach openers(CVE-2017-2528)
When a document loads "about:blank" or "about:srcdoc", it tries to inherit the security origin from its parent frame, or its opener frame if the parent frame doesn't exist. Normally, it doesn't happen that a subframe's document inherits its opener frame's security origin, because it has the paren...
WebKit CachedFrame Universal Cross Site Scripting Vulnerability
Exploit for multiple platform in category web applications WebKit: UXSS: CachedFrame doesn't detach openers CVE-2017-2528 When a document loads "about:blank" or "about:srcdoc", it tries to inherit the security origin from its parent frame, or its opener frame if the parent frame doesn't exist...
CVE-2017-2528
creationtimestamp| type| source ---|---|--- 2017-06-01 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42105...
CVE-2017-2528
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS UXSS attacks via a crafted web site that improperly interacts with cached frames...
CVE-2017-2528
The CVE-2017-2528 issue affects Apple’s WebKit in iOS before 10.3.2 and Safari before 10.1.1, enabling universal XSS (UXSS) via a crafted site that interacts with cached frames. Root cause is described as a WebKit caching/frame interaction flaw exploitable by remote attackers through malicious we...